STEVE INSKEEP, host:
Sony BMG has been criticized for adding potentially invasive software to some of its CDs. Sony says the software is only intended to protect copyrighted songs, which is not stopping privacy advocates from demanding a deeper investigation. NPR's Neda Ulaby reports.
NEDA ULABY reporting:
Here's your vocabulary word for the morning. Ready? It's `Rootkit.'
Mr. ARI SCHWARTZ (Associate Director, Center for Democracy & Technology): It's at the root of the computer. That's where the term Rootkit comes from.
ULABY: Ari Schwartz is associate director at the Center for Democracy & Technology in Washington, DC. If you're already stretching for the snooze button, stop. Schwartz believes you might care to know that Rootkit codes create secret spaces within your computer where all kinds of things might happen.
Mr. SCHWARTZ: They could potentially be used to mine for information. They could potentially be used to take over your computer, take all the information on your computer.
ULABY: Traditionally Rootkits were used by hackers to hide viruses. That's why Mark Russinovich was surprised when he discovered a Rootkit-like program on his computer not long after popping a CD by the group the Van Zants into his hard drive.
Mr. MARK RUSSINOVICH: And was presented with a user license agreement dialogue box telling me that it--in order to play the content on the CD, I needed to install the proprietary player software that was on the CD.
ULABY: Now most of us would just hit OK. When Russinovich hits OK, he thinks he knows what he's doing. He's co-written a book about Windows operating systems and he co-founded his own software company. Russinovich traced the mystery software back to the songs he'd put on his computer. And when he tried to get rid of the software, he said the effort disabled his CD drive. He described his travails on his blog. Russinovich says only certain systems are at risk.
Mr. RUSSINOVICH: Windows NT-based line of operating systems, so Windows 2000, Windows XP, Windows Server 2003.
ULABY: The software and the CD it rode in on was distributed by Sony BMG. Executives there say nothing sinister is going on and they object to such terms as spyware, malware and Rootkits.
Mr. THOMAS HESSE (President, Sony BMG Global Digital Business): Most people, I think, don't even know what a Rootkit is, so why should they care about it?
ULABY: Thomas Hesse is president of Sony BMG's Global Digital Business. He says only about 20 CDs have the software.
Mr. HESSE: The software is designed to protect our CDs from unauthorized copying and ripping.
ULABY: The software is cloaked, Hesse says, so would-be pirates can't find it and remove it. But technocrats were infuriated over the software's covert nature, enough of them that this week Sony BMG offered a new fix on its Web site to rid computers of the software. Ed Felten teaches computer science and public affairs at Princeton. He says even the fix is problematic and the legality of Sony's actions is confusing.
Mr. ED FELTEN (Princeton University): The lawyers that I've talked to say that it boils down to whether Sony's license agreement gave enough notice to users about what they were doing.
ULABY: Nico Cuponin(ph) says it doesn't. He works at a Finnish computer security firm and he tested some of the Van Zant CDs himself. Cuponin says that little pop-up box does not provide users with enough information.
Mr. NICO CUPONIN: And it doesn't warn you that it's going to be installing programs which will actively hide themselves and can be used by malicious programs to hide themselves too.
ULABY: Cuponin fears the software could be used to collect information. Sony BMG's Thomas Hesse says it won't.
Mr. HESSE: No information ever gets gathered about the user's behavior. No information ever gets communicated back to the user. This is purely about restricting the ability to burn MP3 files in an unprotected manner.
ULABY: Still, every single computer expert interviewed said they would no longer copy such protected CDs from any company to their computers and they warned about intrusive copy protection software that may soon be attached to games and DVDs.
Neda Ulaby, NPR News.
INSKEEP: This is NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.